APAR status
Closed as program error.
Error description
Multi-threaded JMS client applications might instigate an encryption key reset for every thread that shares a connection to MQ, but the queue manager did not expect this.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: Multi-threaded JMS client applications using connection pooling with TLSv1.3 ciphers that require a TLS encryption key reset during data transmission to ensure secure data transfer. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: TLSv1.3 ciphers require two encryption keys (one for each data flow path) and require the keys to be reset after a certain quantity of data is transferred to ensure continued secure data flow. A key reset requires the data flow to pause whilst the two sides of the connection exchange new keys for encrypting the data. The queue manager tracks how many key resets have been observed on each connection Multi-threaded JMS client applications instigate an encryption key reset for every thread that shares a connection, so, if there are many connection sharing threads, many resets may occur simultaneously. In this situation the accounting logic for key resets did not anticipate this volume of key resets, which resulted in the connection being closed.
Problem conclusion
The key rest accounting code has been updated to correctly handle multiple key resets from JMS clients. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.2 LTS 9.2.0.30 v9.3 LTS 9.3.0.20 v9.4 LTS 9.4.0.5 v9.x CD 9.4.1 The latest available maintenance can be obtained from 'IBM MQ Recommended Fixes' https://www.ibm.com/support/pages/recommended-fixes-ibm-mq If the maintenance level is not yet available information on its planned availability can be found in 'IBM MQ Planned Maintenance Release Dates' https://ibm.biz/mqplannedmaintenance ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT45438
Reported component name
MQ BASE V9.3
Reported component ID
5724H7291
Reported release
933
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-02-08
Closed date
2024-06-26
Last modified date
2024-06-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MQ BASE V9.3
Fixed component ID
5724H7291
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"933","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]
Document Information
Modified date:
26 June 2024